Vega allows Cross-site Scripting via the vlSelectionTuples function
The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS.
The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in vega.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in vega.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in vega.
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine.